- All Exams Instant Download
What should you do?
You are the Security Admin in your company. You want to synchronize all security groups that have an email address from your LDAP directory in Cloud IAM. What should you do?A . Configure Google Cloud Directory Sync to sync security groups using LDAP search rules that have “user email address”...
Which solution meets these requirements?
You are working with a client who plans to migrate their data to Google Cloud. You are responsible for recommending an encryption service to manage their encrypted keys. You have the following requirements: ✑ The master key must be rotated at least once every 45 days. ✑ The solution that...
Which Cloud Identity password guidelines can the organization use to inform their new requirements?
An organization adopts Google Cloud Platform (GCP) for application hosting services and needs guidance on setting up password requirements for their Cloud Identity account. The organization has a password policy requirement that corporate employee passwords must have a minimum number of characters. Which Cloud Identity password guidelines can the organization...
Which one of these areas in the technology stack would they need to focus on as their primary responsibility when using App Engine?
An organization's security and risk management teams are concerned about where their responsibility lies for certain production workloads they are running in Google Cloud Platform (GCP), and where Google's responsibility lies. They are mostly running workloads using Google Cloud's Platform-as-a-Service (PaaS) offerings, including App Engine primarily. Which one of these...
How should you configure the network?
You need to set up a Cloud interconnect connection between your company's on-premises data center and VPC host network. You want to make sure that on-premises applications can only access Google APIs over the Cloud Interconnect and not through the public internet. You are required to only use APIs that...
Which service should be used to accomplish this?
A customer deploys an application to App Engine and needs to check for Open Web Application Security Project (OWASP) vulnerabilities. Which service should be used to accomplish this?A . Cloud Armor B. Google Cloud Audit Logs C. Cloud Security Scanner D. Forseti SecurityView AnswerAnswer: C Explanation: Reference: https://cloud.google.com/security-scanner/
Which method should you use?
Your company requires the security and network engineering teams to identify all network anomalies within and across VPCs, internal traffic from VMs to VMs, traffic between end locations on the internet and VMs, and traffic between VMs to Google Cloud services in production. Which method should you use?A . Define...
Which document should you review to find the information?
You want to evaluate GCP for PCI compliance. You need to identify Google’s inherent controls. Which document should you review to find the information?A . Google Cloud Platform: Customer Responsibility Matrix B. PCI DSS Requirements and Security Assessment Procedures C. PCI SSC Cloud Computing Guidelines D. Product documentation for Compute...
How should the customer ensure authenticated network separation between the different tiers of the application?
A customer wants to deploy a large number of 3-tier web applications on Compute Engine. How should the customer ensure authenticated network separation between the different tiers of the application?A . Run each tier in its own Project, and segregate using Project labels. B. Run each tier with a different...
Which type of load balancer should you use to maintain client IP by default while using the standard network tier?
Which type of load balancer should you use to maintain client IP by default while using the standard network tier?A . SSL Proxy B. TCP Proxy C. Internal TCP/UDP D. TCP/UDP NetworkView AnswerAnswer: C Explanation: Reference: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_forwarding_rule
